- HUMAN Security and partner researchers disrupt the Badbox 2.0 botnet
- They removed dozens of malicious apps from the Play Store and sinkholed multiple domains
- The botnet targeted low-cost, off-brand Android devices
Badbox 2.0, the spiritual successor to the Badbox Android malware, has been disrupted after cybersecurity experts from HUMAN's Satori Threat Intelligence team, together with multiple partners, removed dozens of malicious applications from the Play Store, banned their developers and sinkholed the command-and-control communications of hundreds of thousands of infected devices.
“Infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect Android devices. All of these devices are manufactured in mainland China and shipped worldwide,” the researchers explained.
In total, 24 malicious applications distributing Badbox 2.0 were removed from the Play Store, and the developer accounts that uploaded them were banned from the platform. HUMAN then also sinkholed an undisclosed number of domains, effectively cutting the communication between the malware and its C2 servers. In other words, the devices are still infected, but the malware is no longer operational.
Sinkholing the domains
Badbox is a piece of malware that turns infected Android devices into residential proxies. These are used for ad fraud, credential stuffing and other forms of cybercrime. Badbox reportedly infected hundreds of thousands of devices, from TV streaming boxes to smart TVs and smartphones. No one knows exactly how these devices ended up infected. Some believe they were compromised early in production, while others claim Badbox was introduced somewhere along the supply chain. In any case, these are overwhelmingly low-price, off-brand or uncertified devices.
German authorities recently disrupted the operation within their borders, but that only set it back slightly. In the weeks after that operation, Badbox grew to more than one million infected devices (although they were mostly located outside Germany, in countries such as Brazil, the United States and Mexico).
Given its size and resilience, HUMAN's security researchers called it “Badbox 2.0”. Now, together with Google, Trend Micro, the Shadowserver Foundation and other partners, HUMAN has disrupted the new operation in multiple ways.
As usual, the best way to defend against these attacks is to buy hardware and software from reputable sources, keep assets updated and monitor for malicious activity.
Via BleepingComputer